The present invention relates generally to access control techniques, and more particularly, to a method and apparatus for restricting access to a particular device or secure facility using random partial biometrics.
Computers and other devices, as well as secure facilities, often contain proprietary and/or sensitive information, which could be compromised if accessed by unauthorized individuals. Thus, computer devices and secure facilities often incorporate security techniques, such as database access control mechanisms, to prevent unauthorized users from accessing, obtaining or altering the proprietary and/or sensitive information. Authentication techniques allow users to prove their identity and obtain authorized access to a given device or secure facility.
A number of authentication protocols have been developed to prevent the unauthorized access of such devices or locations. For example, access control mechanisms typically utilize some variation of an alphanumeric personal identification number (PIN) or password, that is presumably known only to the authorized user. Upon attempting to access a given device or physical location, the user enters the appropriate password, to establish his or her authority. Many users select a PIN or password that is easy to remember. Thus, there is a significant risk that such passwords may be guessed or otherwise compromised, in which case an attacker can access the given device or location.
To minimize the risk that a password will be compromised, the number of login attempts that may be attempted are often limited, so that an attacker cannot keep trying different passwords until successful. In addition, users are often encouraged or required to change their password periodically. One-time passwords have also been proposed to further increase security, where users are assigned a secret key that may be stored, for example, on a pocket token or a computer-readable card. Upon attempting to access a desired device or location, a random value, referred to as a xe2x80x9cchallenge,xe2x80x9d is issued to the user. The pocket token or computer-readable card then generates a xe2x80x9cresponsexe2x80x9d to the challenge by encrypting the received challenge with the user""s secret key. The user obtains access to the device or location provided the response is accurate. In order to ensure that the pocket token or computer-readable card is utilized by the associated authorized user, the user typically must also manually enter a secret alphanumeric PIN or password.
While such authentication tools reduce the risk of unauthorized access to equipment or facilities, they suffer from a number of limitations, which if overcome, could dramatically increase the utility and effectiveness of such tools. For example, the requirement that the user must carry the pocket token or computer-readable card may not be practical for widespread deployment. Thus, a number of security systems that do not rely on a pocket token or computer-readable card have been developed.
For example, a number of access control mechanisms have secured access to devices or secure locations by evaluating biometric information, such as fingerprints, retinal scans or voice characteristics. For a more detailed discussion of such biometric-based access control systems, see, for example, U.S. Pat. No. 5,897,616, entitled xe2x80x9cApparatus and Methods for Speaker Verification/Identification/Classification Employing Non-Acoustic and/or Acoustic Models and Databases,xe2x80x9d U.S. patent application Ser. No. 09/008,122, filed Jan. 16, 1998, entitled xe2x80x9cA Portable Information and Transaction Processing System and Method Utilizing Biometric Authorization and Digital Certificate Security,xe2x80x9d and U.S. patent application Ser. No. 09/417,645, filed Oct. 14, 1999, entitled xe2x80x9cSystem and Method for Providing Secure Financial Transactions,xe2x80x9d each assigned to the assignee of the present invention and incorporated by reference herein.
Unfortunately, however, the transmission of biometric information over a network can be computationally expensive and consume significant network bandwidth. This is especially true when the biometric information must be transmitted in an encrypted format. A need therefore exists for an improved access control mechanism that uses biometric information to identify (or verify the identity of) a person who is requesting access to a secured device or location. A further need exists for an access control mechanism based on biometric information that minimizes the consumption of network resources.
Generally, a biometric security method and apparatus are disclosed that restrict the ability of a user to access a device or facility. The biometric security system uses biometric data about the user, to identify (or verify the identity of) the user. According to one aspect of the invention, only a portion of the biometric data is used to validate the identity of the user. The user biometric data can include fingerprints, voice characteristics, facial characteristics, handwriting characteristics, tissue characteristics, gestures and any other known biometric data.
Upon a user request to access a secure device or facility, a portion of digitized user biometric data is sent to a central biometric security system to identify (or verify the identity of) the user. The portion of the digitized user biometric data can include a portion of a digitized image, for example, when the biometric data consists of a fingerprint, facial characteristic or handwriting characteristic, or a portion of speech segments when the biometric data consists of voice characteristics. Since only a random portion of the potentially confidential biometric information is being transmitted, the present invention allows the biometric portions to be transmitted over unsecured communication lines, and even if captured by an eavesdropper, the full biometric image is not obtained.
The disclosed biometric security system initially sends a first request for a specific sample of a portion of the biometric information of the user. The specific sample may be identified, for example, using a set of image coordinates. In response to the first request, a sampling of the user biometric information, referred to herein as a biometric portion, is obtained. A second request is also sent to retrieve a biometric prototype associated with the user from a database of registered users. In response to the second request, a corresponding sample of the user biometric portions is extracted from the biometric prototype stored for the user. The central biometric security system then compares the user biometric portion with the corresponding biometric prototype portion. The user is permitted to access the requested device if the user biometric portion(s) matches the corresponding biometric prototype portion(s).
In one variation, the biometric security system of the present invention transmits a security agent to the user""s computing device upon a user request to access a remote device. The security agent serves to extract user biometric portions in accordance with the sampling request from the central biometric security system.
In another variation, a local recognition is performed before a remote recognition to reduce the risk of a failed server side recognition due to a poor biometric feature. Upon a user request to access a remote device, the central biometric security system initially requests a user biometric portion from the biometric sensor unit. Thereafter, the central biometric security system obtains the user biometric prototype, for example, from a database server. The biometric sensor unit(or the computing device itself) then performs a local recognition (identification or verification of identity) or validation (validity of quality or acceptability of the extracted features) of the biometric data.
Once the biometric sensor unit has performed the local recognition or validation, the biometric sensor unit transmits the biometric portion(s) to the central biometric security system. The central biometric security system then compares the received user biometric portion(s) with the corresponding portions of the biometric prototype portion(s). The central biometric security system allows the user to access the requested remote device if the detailed comparison of the user biometric portion(s) and the biometric prototype portion(s) exceeds a predefined threshold.
A more complete understanding of the present invention, as well as further features and advantages of the present invention, will be obtained by reference to the following detailed description and drawings.